apiVersion: apps/v1
kind: Deployment
metadata:
  name: netchecker-server
  namespace: {{ netcheck_namespace }}
  labels:
    app: netchecker-server
spec:
  replicas: 1
  selector:
    matchLabels:
      app: netchecker-server
  template:
    metadata:
      name: netchecker-server
      labels:
        app: netchecker-server
    spec:
      priorityClassName: {% if netcheck_namespace == 'kube-system' %}system-cluster-critical{% else %}k8s-cluster-critical{% endif %}{{ '' }}
      volumes:
        - name: etcd-data
          emptyDir: {}
      containers:
        - name: netchecker-server
          image: "{{ netcheck_server_image_repo }}:{{ netcheck_server_image_tag }}"
          imagePullPolicy: {{ k8s_image_pull_policy }}
          resources:
            limits:
              cpu: {{ netchecker_server_cpu_limit }}
              memory: {{ netchecker_server_memory_limit }}
            requests:
              cpu: {{ netchecker_server_cpu_requests }}
              memory: {{ netchecker_server_memory_requests }}
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop: ['ALL']
            runAsUser: {{ netchecker_server_user | default('0') }}
            runAsGroup: {{ netchecker_server_group | default('0') }}
            runAsNonRoot: true
            seccompProfile:
              type: RuntimeDefault
          ports:
            - containerPort: 8081
          args:
            - -v={{ netchecker_server_log_level }}
            - -logtostderr
            - -kubeproxyinit=false
            - -endpoint=0.0.0.0:8081
            - -etcd-endpoints=http://127.0.0.1:2379
        - name: etcd
          image: "{{ etcd_image_repo }}:{{ netcheck_etcd_image_tag }}"
          imagePullPolicy: {{ k8s_image_pull_policy }}
          env:
            - name: ETCD_LOG_LEVEL
              value: "{{ netchecker_etcd_log_level }}"
          command:
            - etcd
            - --listen-client-urls=http://127.0.0.1:2379
            - --advertise-client-urls=http://127.0.0.1:2379
            - --data-dir=/var/lib/etcd
            - --enable-v2
            - --force-new-cluster
          volumeMounts:
            - mountPath: /var/lib/etcd
              name: etcd-data
          resources:
            limits:
              cpu: {{ netchecker_etcd_cpu_limit }}
              memory: {{ netchecker_etcd_memory_limit }}
            requests:
              cpu: {{ netchecker_etcd_cpu_requests }}
              memory: {{ netchecker_etcd_memory_requests }}
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop: ['ALL']
            runAsUser: {{ netchecker_server_user | default('0') }}
            runAsGroup: {{ netchecker_server_group | default('0') }}
            runAsNonRoot: true
            seccompProfile:
              type: RuntimeDefault
      tolerations:
        - effect: NoSchedule
          operator: Exists
      serviceAccountName: netchecker-server
